In August, NIST - part of the Commerce Department - issued the first version of its smart grid cybersecurity guidelines, and a Government Accountability Office audit released Wednesday credited NIST for largely addressing key cybersecurity elements in its guidelines, such as an assessment of the cybersecurity risks associated with smart grid systems and the identification of security requirements such as controls that are essential to securing such systems.

But GAO said in the 50-page report (see Electricity Grid Modernization: Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed) that the guidelines failed to address the risk of a combined physical security-cybersecurity attack. NIST also identified other key elements, such as cryptography and supply chain vulnerabilities, that need to be added to the guidance.

"Until the missing elements are addressed," the GAO audit said, "there is an increased risk that smart grid implementations will not be secure as otherwise possible."

Commerce Secretary Gary Locke, in a written response, said he generally agreed with the GAO's findings, adding that such physical-cyber guidance is being developed.
